EduGeek.net - Zero Day Windows LNK Exploit

Sections
News
Recent Jobs

IT Coordinator position at Edinburgh University Students Association

EUSA is a registered charity and one of the largest Students’ Associations in the UK, with a turnover of £9.5 million. EUSA provides high quality representation

IT Media Technician, Roedean School, Brighton, BN2 5RQ 16.9k-18.9k fulltime,fullyear

Existing Media tech promoted to Snr IT Tech leaving post vacant:

ROEDEAN Independent boarding & day school for girls aged 11

IT Support Technician - Tonbridge, Kent - Closes 20/2/12

Advertised in the Kent & Sussex Courier dated 10/2/12. I have no business contact with this school (but ED is a student there)

Vacancies

Database manager wanted Bryanston School Dorset

We have a post for a database manager responsible for looking after and developing the school MIS (iSAMs). Great working environment with a strong team

Park High School, Stanmore, Middlesex - Deputy Network Manager

PARK HIGH SCHOOL
Thistlecroft Gardens
Stanmore
Middlesex
HA7 1PL

Headteacher: Mr Emlyn Lumley

ICT Support Technician - High Park School, Bradford

Please see here for more job details:

ICT Support Technician , High Park School

Closing Date for applications: Wednesday

Zero Day Windows LNK Exploit

by
CAM

Published on 28th July 2010 01:13 AM

5 Comments

UPDATE: Microsoft have released a patch to fix the vulnerability here. Remove any temporary workaround provided by antivirus companies before installing it. Thanks to ajbritton and Arthur for the heads up.

Sophos have released a tool to block the CPLINK exploit present in all versions of the Windows Operating Ssytem from XP onwards. The exploit utilises compromised .LNK files (AKA shortcuts) to run potentially malicious code on a system by merely viewing the icon of the shortcut in a folder, network share or WebDAV folder.

The Sophos tool is available here but no patch is currently available from Microsoft to close the exploit.

Further information is available from MS Security Advisory 2286198.
5 Comments
ajbritton - 28th July 2010, 07:14 AM

According to Enterprise Security Today | Free Tools Can Fix Windows Shortcut Vulnerability, there is also a free tool from G Data

Reply

CAM - 28th July 2010, 10:08 AM

Thanks AJ. I didn't spot the GData solution.

Reply

ajbritton - 31st July 2010, 06:58 PM

Microsoft will be patching this next week...

Stuxnet, malicious .LNKs, ...and then there was Sality - Microsoft Malware Protection Center - Site Home - TechNet Blogs

Reply

Arthur - 2nd August 2010, 11:29 PM

The patches have now been released...

Microsoft Security Bulletin MS10-046 - Critical: Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)

Reply

ajbritton - 3rd August 2010, 08:28 AM

Sophos have noted that their protection should tool should be removed before installing the MS patch.

Reply
vBulletin Message

Cancel Changes

Recent Posts

Insulation, Sink, Camcorder etc

I'm on my phone atm so I can't see your location.

How much for the gas bottle...is it full or empty?
nephilim Today, 10:33 PM

Insulation, Sink, Camcorder etc

10 rolls of 100mm loft insulation
White Sink with Pedestal
Polariod Camcorder
Calor Gas Blue Bottle for pato heaters
Under
ticker Today, 10:25 PM

ICT Asset Disposal - Policy & Procedure

Hi All,

We are looking at re-vamping our pathetic attempt of a policy and procedure guideline.

Just wondering if any of
rfonti Today, 10:23 PM

SOLUS3 pkg file issue

[MENTION=15381]Rawns[/MENTION] Having same problem. SIMS suport remoted in, but no joy. Could not remove SYSTEM from permissions as inherited. created
CadlaM Today, 10:23 PM

Win 7 logon screen help

This topic has been discussed in this thread:

Link: http://www.edugeek.net/forums/window...s-7-login.html
DaveP Today, 10:06 PM

Samsung Printer Status - "The Port is Not Connected. Check it" - Anyone seen this?

I've had a couple of 3310's for years and never seen this.

Ben
plexer Today, 09:33 PM
Recent Blog Posts

Check who is logged into a machine

From time to time you may wish to find out who is logged into a machine. I find this batch file handy for doing this. Its quick, simple and easy. Just copy and paste the below code into notepad...
FN-GM 9th February 2012 02:24 AM

How to - System Centre Configuration Manager - Part 3 (Initial Configuration)

Welcome to Part 3 of my System Centre Configuration Manager (SCCM) series! I know its taken me a bit longer to get this lot sorted, and I hope that Im covering the mailbag of questions Ive had - but...
TheScarfedOne 7th February 2012 11:39 AM

Follow EduGeek on Twitter